Datadog · Capability

Datadog API — Role

Datadog API — Role. 15 operations. Lead operation: Datadog Revoke Role from an Archive. Self-contained Naftiko capability covering one Datadog business surface.

What You Can Do

DELETE /v1/api/v2/logs/config/archives/{archive-id}/readers: Removerolefromarchive — Datadog Revoke Role from an Archive
POST /v1/api/v2/logs/config/archives/{archive-id}/readers: Addreadroletoarchive — Datadog Grant Role to an Archive
GET /v1/api/v2/logs/config/restriction-queries/role/{role-id}: Getrolerestrictionquery — Datadog Get Restriction Query for a Given Role
DELETE /v1/api/v2/logs/config/restriction-queries/{restriction-query-id}/roles: Removerolefromrestrictionquery — Datadog Revoke Role from a Restriction Query
POST /v1/api/v2/logs/config/restriction-queries/{restriction-query-id}/roles: Addroletorestrictionquery — Datadog Grant Role to a Restriction Query
POST /v1/api/v2/roles: Createrole — Datadog Create Role
DELETE /v1/api/v2/roles/{role-id}: Deleterole — Datadog Delete Role
GET /v1/api/v2/roles/{role-id}: Getrole — Datadog Get a Role
PATCH /v1/api/v2/roles/{role-id}: Updaterole — Datadog Update a Role
POST /v1/api/v2/roles/{role-id}/clone: Clonerole — Datadog Create a New Role by Cloning an Existing Role
GET /v1/api/v2/roles/{role-id}/permissions: Listrolepermissions — Datadog List Permissions for a Role
POST /v1/api/v2/roles/{role-id}/permissions: Addpermissiontorole — Datadog Grant Permission to a Role
DELETE /v1/api/v2/roles/{role-id}/users: Removeuserfromrole — Datadog Remove a User from a Role
GET /v1/api/v2/roles/{role-id}/users: Listroleusers — Datadog Get All Users of a Role
POST /v1/api/v2/roles/{role-id}/users: Addusertorole — Datadog Add a User to a Role

MCP Tools

datadog-revoke-role-archive: Datadog Revoke Role from an Archive (idempotent)
datadog-grant-role-archive: Datadog Grant Role to an Archive
datadog-get-restriction-query-given: Datadog Get Restriction Query for a Given Role (read-only, idempotent)
datadog-revoke-role-restriction-query: Datadog Revoke Role from a Restriction Query (idempotent)
datadog-grant-role-restriction-query: Datadog Grant Role to a Restriction Query
datadog-create-role: Datadog Create Role
datadog-delete-role: Datadog Delete Role (idempotent)
datadog-get-role: Datadog Get a Role (read-only, idempotent)
datadog-update-role: Datadog Update a Role (idempotent)
datadog-create-new-role-cloning: Datadog Create a New Role by Cloning an Existing Role
datadog-list-permissions-role: Datadog List Permissions for a Role (read-only, idempotent)
datadog-grant-permission-role: Datadog Grant Permission to a Role
datadog-remove-user-role: Datadog Remove a User from a Role (idempotent)
datadog-get-all-users-role: Datadog Get All Users of a Role (read-only, idempotent)
datadog-add-user-role: Datadog Add a User to a Role

Capability Spec

datadog-role.yaml
naftiko: 1.0.0-alpha2
info:
  label: Datadog API — Role
  description: 'Datadog API — Role. 15 operations. Lead operation: Datadog Revoke Role from an Archive. Self-contained Naftiko
    capability covering one Datadog business surface.'
  tags:
  - Datadog
  - Role
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    DATADOG_API_KEY: DATADOG_API_KEY
capability:
  consumes:
  - type: http
    namespace: datadog-role
    baseUri: https://{subdomain}.{site}
    description: Datadog API — Role business capability. Self-contained, no shared references.
    resources:
    - name: api-v2-logs-config-archives-archive_id-readers
      path: /api/v2/logs/config/archives/{archive_id}/readers
      operations:
      - name: removerolefromarchive
        method: DELETE
        description: Datadog Revoke Role from an Archive
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
      - name: addreadroletoarchive
        method: POST
        description: Datadog Grant Role to an Archive
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: api-v2-logs-config-restriction_queries-role-role_id
      path: /api/v2/logs/config/restriction_queries/role/{role_id}
      operations:
      - name: getrolerestrictionquery
        method: GET
        description: Datadog Get Restriction Query for a Given Role
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v2-logs-config-restriction_queries-restriction_query_id-roles
      path: /api/v2/logs/config/restriction_queries/{restriction_query_id}/roles
      operations:
      - name: removerolefromrestrictionquery
        method: DELETE
        description: Datadog Revoke Role from a Restriction Query
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
      - name: addroletorestrictionquery
        method: POST
        description: Datadog Grant Role to a Restriction Query
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: api-v2-roles
      path: /api/v2/roles
      operations:
      - name: createrole
        method: POST
        description: Datadog Create Role
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: api-v2-roles-role_id
      path: /api/v2/roles/{role_id}
      operations:
      - name: deleterole
        method: DELETE
        description: Datadog Delete Role
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: getrole
        method: GET
        description: Datadog Get a Role
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: updaterole
        method: PATCH
        description: Datadog Update a Role
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: api-v2-roles-role_id-clone
      path: /api/v2/roles/{role_id}/clone
      operations:
      - name: clonerole
        method: POST
        description: Datadog Create a New Role by Cloning an Existing Role
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: api-v2-roles-role_id-permissions
      path: /api/v2/roles/{role_id}/permissions
      operations:
      - name: listrolepermissions
        method: GET
        description: Datadog List Permissions for a Role
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: addpermissiontorole
        method: POST
        description: Datadog Grant Permission to a Role
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: api-v2-roles-role_id-users
      path: /api/v2/roles/{role_id}/users
      operations:
      - name: removeuserfromrole
        method: DELETE
        description: Datadog Remove a User from a Role
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
      - name: listroleusers
        method: GET
        description: Datadog Get All Users of a Role
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: sort
          in: query
          type: string
          description: User attribute to order results by. Sort order is **ascending** by default.
        - name: filter
          in: query
          type: string
          description: Filter all users by the given string. Defaults to no filtering.
      - name: addusertorole
        method: POST
        description: Datadog Add a User to a Role
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
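    # Datadog's own API documentation describes key-based auth using the
    # DD-API-KEY and DD-APPLICATION-KEY request headers; verify that the bearer
    # scheme below is accepted before relying on this capability.
    authentication:
      type: bearer
      token: '{{env.DATADOG_API_KEY}}'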
  exposes:
  - type: rest
    namespace: datadog-role-rest
    port: 8080
    description: REST adapter for Datadog API — Role. One Spectral-compliant resource per consumed operation, prefixed with
      /v1.
    resources:
    - path: /v1/api/v2/logs/config/archives/{archive-id}/readers
      name: api-v2-logs-config-archives-archive-id-readers
      description: REST surface for api-v2-logs-config-archives-archive_id-readers.
      operations:
      - method: DELETE
        name: removerolefromarchive
        description: Datadog Revoke Role from an Archive
        call: datadog-role.removerolefromarchive
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
      - method: POST
        name: addreadroletoarchive
        description: Datadog Grant Role to an Archive
        call: datadog-role.addreadroletoarchive
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/v2/logs/config/restriction-queries/role/{role-id}
      name: api-v2-logs-config-restriction-queries-role-role-id
      description: REST surface for api-v2-logs-config-restriction_queries-role-role_id.
      operations:
      - method: GET
        name: getrolerestrictionquery
        description: Datadog Get Restriction Query for a Given Role
        call: datadog-role.getrolerestrictionquery
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/v2/logs/config/restriction-queries/{restriction-query-id}/roles
      name: api-v2-logs-config-restriction-queries-restriction-query-id-roles
      description: REST surface for api-v2-logs-config-restriction_queries-restriction_query_id-roles.
      operations:
      - method: DELETE
        name: removerolefromrestrictionquery
        description: Datadog Revoke Role from a Restriction Query
        call: datadog-role.removerolefromrestrictionquery
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
      - method: POST
        name: addroletorestrictionquery
        description: Datadog Grant Role to a Restriction Query
        call: datadog-role.addroletorestrictionquery
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/v2/roles
      name: api-v2-roles
      description: REST surface for api-v2-roles.
      operations:
      - method: POST
        name: createrole
        description: Datadog Create Role
        call: datadog-role.createrole
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/v2/roles/{role-id}
      name: api-v2-roles-role-id
      description: REST surface for api-v2-roles-role_id.
      operations:
      - method: DELETE
        name: deleterole
        description: Datadog Delete Role
        call: datadog-role.deleterole
        outputParameters:
        - type: object
          mapping: $.
      - method: GET
        name: getrole
        description: Datadog Get a Role
        call: datadog-role.getrole
        outputParameters:
        - type: object
          mapping: $.
      - method: PATCH
        name: updaterole
        description: Datadog Update a Role
        call: datadog-role.updaterole
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/v2/roles/{role-id}/clone
      name: api-v2-roles-role-id-clone
      description: REST surface for api-v2-roles-role_id-clone.
      operations:
      - method: POST
        name: clonerole
        description: Datadog Create a New Role by Cloning an Existing Role
        call: datadog-role.clonerole
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/v2/roles/{role-id}/permissions
      name: api-v2-roles-role-id-permissions
      description: REST surface for api-v2-roles-role_id-permissions.
      operations:
      - method: GET
        name: listrolepermissions
        description: Datadog List Permissions for a Role
        call: datadog-role.listrolepermissions
        outputParameters:
        - type: object
          mapping: $.
      - method: POST
        name: addpermissiontorole
        description: Datadog Grant Permission to a Role
        call: datadog-role.addpermissiontorole
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/v2/roles/{role-id}/users
      name: api-v2-roles-role-id-users
      description: REST surface for api-v2-roles-role_id-users.
      operations:
      - method: DELETE
        name: removeuserfromrole
        description: Datadog Remove a User from a Role
        call: datadog-role.removeuserfromrole
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
      - method: GET
        name: listroleusers
        description: Datadog Get All Users of a Role
        call: datadog-role.listroleusers
        with:
          sort: rest.sort
          filter: rest.filter
        outputParameters:
        - type: object
          mapping: $.
      - method: POST
        name: addusertorole
        description: Datadog Add a User to a Role
        call: datadog-role.addusertorole
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: datadog-role-mcp
    port: 9090
    transport: http
    description: MCP adapter for Datadog API — Role. One tool per consumed operation, routed inline through this capability's
      consumes block.
    tools:
    - name: datadog-revoke-role-archive
      description: Datadog Revoke Role from an Archive
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: datadog-role.removerolefromarchive
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: datadog-grant-role-archive
      description: Datadog Grant Role to an Archive
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: datadog-role.addreadroletoarchive
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: datadog-get-restriction-query-given
      description: Datadog Get Restriction Query for a Given Role
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: datadog-role.getrolerestrictionquery
      outputParameters:
      - type: object
        mapping: $.
    - name: datadog-revoke-role-restriction-query
      description: Datadog Revoke Role from a Restriction Query
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: datadog-role.removerolefromrestrictionquery
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: datadog-grant-role-restriction-query
      description: Datadog Grant Role to a Restriction Query
      hints:
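        # This tool calls a POST that grants a role, so it changes state and
        # must not be advertised as read-only to MCP clients.
        readOnly: false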
        destructive: false
        idempotent: false
      call: datadog-role.addroletorestrictionquery
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: datadog-create-role
      description: Datadog Create Role
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: datadog-role.createrole
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: datadog-delete-role
      description: Datadog Delete Role
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: datadog-role.deleterole
      outputParameters:
      - type: object
        mapping: $.
    - name: datadog-get-role
      description: Datadog Get a Role
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: datadog-role.getrole
      outputParameters:
      - type: object
        mapping: $.
    - name: datadog-update-role
      description: Datadog Update a Role
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: datadog-role.updaterole
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: datadog-create-new-role-cloning
      description: Datadog Create a New Role by Cloning an Existing Role
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: datadog-role.clonerole
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: datadog-list-permissions-role
      description: Datadog List Permissions for a Role
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: datadog-role.listrolepermissions
      outputParameters:
      - type: object
        mapping: $.
    - name: datadog-grant-permission-role
      description: Datadog Grant Permission to a Role
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: datadog-role.addpermissiontorole
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: datadog-remove-user-role
      description: Datadog Remove a User from a Role
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: datadog-role.removeuserfromrole
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: datadog-get-all-users-role
      description: Datadog Get All Users of a Role
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: datadog-role.listroleusers
      with:
        sort: tools.sort
        filter: tools.filter
      outputParameters:
      - type: object
        mapping: $.
    - name: datadog-add-user-role
      description: Datadog Add a User to a Role
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: datadog-role.addusertorole
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.